#include "selinux-util.h"
#include "smack-util.h"
-int label_fix(const char *path, LabelFixFlags flags) {
+int label_fix_container(const char *path, const char *inside_path, LabelFixFlags flags) {
int r, q;
- r = mac_selinux_fix(path, flags);
- q = mac_smack_fix(path, flags);
+ r = mac_selinux_fix_container(path, inside_path, flags);
+ q = mac_smack_fix_container(path, inside_path, flags);
if (r < 0)
return r;
LABEL_IGNORE_EROFS = 1 << 1,
} LabelFixFlags;
-int label_fix(const char *path, LabelFixFlags flags);
+int label_fix_container(const char *path, const char *inside_path, LabelFixFlags flags);
+static inline int label_fix(const char *path, LabelFixFlags flags) {
+ return label_fix_container(path, path, flags);
+}
int mkdir_label(const char *path, mode_t mode);
int mkdirat_label(int dirfd, const char *path, mode_t mode);
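Review bot: The new `label_fix_container()` declaration carries no comment saying which of its two path arguments is which, and they are easy to swap. Judging from the implementation hunks, `path` appears to be the object that actually gets relabelled, while `inside_path` is the name used for the policy lookup (`selabel_lookup_raw(label_hnd, &fcon, inside_path, st.st_mode)`, and the call `label_fix_container(dev, "/dev", 0)`). Swapping them would label the object from the wrong policy entry without any error. I would add above the declaration `/* path: the file to relabel; inside_path: the path it will have inside the container, used only for the label lookup */`. The same comment is worth adding to the `mac_selinux_fix_container()` and `mac_smack_fix_container()` declarations in their headers.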
}
#endif
-int mac_selinux_fix(const char *path, LabelFixFlags flags) {
+int mac_selinux_fix_container(const char *path, const char *inside_path, LabelFixFlags flags) {
#if HAVE_SELINUX
char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
/* Check for policy reload so 'label_hnd' is kept up-to-date by callbacks */
(void) avc_netlink_check_nb();
- if (selabel_lookup_raw(label_hnd, &fcon, path, st.st_mode) < 0) {
+ if (selabel_lookup_raw(label_hnd, &fcon, inside_path, st.st_mode) < 0) {
r = -errno;
/* If there's no label to set, then exit without warning */
return 0;
fail:
- log_enforcing_errno(r, "Unable to fix SELinux security context of %s: %m", path);
+ log_enforcing_errno(r, "Unable to fix SELinux security context of %s (%s): %m", path, inside_path);
if (mac_selinux_enforcing())
return r;
#endif
int mac_selinux_init(void);
void mac_selinux_finish(void);
-int mac_selinux_fix(const char *path, LabelFixFlags flags);
+int mac_selinux_fix_container(const char *path, const char *inside_path, LabelFixFlags flags);
+static inline int mac_selinux_fix(const char *path, LabelFixFlags flags) {
+ return mac_selinux_fix_container(path, path, flags);
+}
+
int mac_selinux_apply(const char *path, const char *label);
int mac_selinux_get_create_label_from_exe(const char *exe, char **label);
return smack_fix_fd(fd, path, flags);
}
-int mac_smack_fix(const char *path, LabelFixFlags flags) {
+int mac_smack_fix_container(const char *path, const char *inside_path, LabelFixFlags flags) {
_cleanup_free_ char *abspath = NULL;
_cleanup_close_ int fd = -1;
int r;
return -errno;
}
- return smack_fix_fd(fd, abspath, flags);
+ return smack_fix_fd(fd, inside_path, flags);
}
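Review bot: `smack_fix_fd(fd, inside_path, flags)` now receives the caller's string unchanged, where the removed line passed `abspath`. Through the new inline `mac_smack_fix()` wrapper, `inside_path` is simply `path`, so a relative path is no longer made absolute before the label decision. If `smack_fix_fd()` chooses the label by matching an absolute prefix (its body is not visible here), those callers would silently get a different label than before. One way to keep the old behaviour is to let the wrapper pass NULL and fall back here with `return smack_fix_fd(fd, inside_path ? inside_path : abspath, flags);`. Part of this function's body lies outside the hunk, so confirm against the full source.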
int mac_smack_copy(const char *dest, const char *src) {
return 0;
}
-int mac_smack_fix(const char *path, LabelFixFlags flags) {
+int mac_smack_fix_container(const char *path, const char *inside_path, LabelFixFlags flags) {
return 0;
}
bool mac_smack_use(void);
-int mac_smack_fix(const char *path, LabelFixFlags flags);
+int mac_smack_fix_container(const char *path, const char *inside_path, LabelFixFlags flags);
+static inline int mac_smack_fix(const char *path, LabelFixFlags flags) {
+ return mac_smack_fix_container(path, path, flags);
+}
+
int mac_smack_fix_at(int dirfd, const char *path, LabelFixFlags flags);
const char* smack_attr_to_string(SmackAttr i) _const_;
r = log_debug_errno(errno, "Failed to mount tmpfs on '%s': %m", dev);
goto fail;
}
+ r = label_fix_container(dev, "/dev", 0);
+ if (r < 0) {
+ log_debug_errno(errno, "Failed to fix label of '%s' as /dev: %m", dev);
+ goto fail;
+ }
devpts = strjoina(temporary_mount, "/dev/pts");
(void) mkdir(devpts, 0755);
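Review bot: The added error path logs `errno`, but `label_fix_container()` reports failure through its negative return value (`if (r < 0) return r;` in the label hunk). By this point `errno` may be stale or zero, so the debug line can name the wrong cause, or "Success", for a failed relabel of the private /dev. The call should be `log_debug_errno(r, "Failed to fix label of '%s' as /dev: %m", dev);`. Since the MAC label on this tmpfs decides who may access device nodes in the namespace, the log should carry the real error. The enclosing function starts and ends outside the hunk.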